Why This Matters
If you run a Bitcoin full node and turned on the new -privatebroadcast feature in version 31.0, your node may be silently revealing your IP address — the exact thing the feature was designed to prevent.
Bitcoin Core developers disclosed the vulnerability on June 6, crediting researcher Eugene Siegel with the responsible discovery. A fix will ship in version 31.1, but until then, affected node operators need to take action.
This is not a network-wide emergency. It does not affect regular wallet transactions or the Bitcoin protocol itself. But for the subset of users who rely on -privatebroadcast for privacy — often the most privacy-conscious node operators — the bug undermines the very protection they enabled.
What the Bug Does
The -privatebroadcast feature, introduced in Bitcoin Core 31.0 in April 2026, is designed to route transaction broadcasts through Tor so that receiving peers never learn the originator's real IP address.
The flaw is in the fallback logic. When the software attempts an encrypted v2 connection to another node and that handshake fails, it silently retries over a standard v1 connection — bypassing Tor entirely. The receiving peer then sees the sender's real IP address and, with it, their approximate physical location.
Worse, this can be triggered deliberately. A malicious peer can force-close the v2 handshake, causing the node to fall back to the unprotected connection. For anyone relying on -privatebroadcast to separate their Bitcoin activity from their real-world identity, this is a serious exposure.
Who Is Affected
The scope is narrow but important:
- Affected: Nodes running Bitcoin Core 31.0 with -privatebroadcast explicitly enabled
- Not affected: Nodes on older versions, nodes that never enabled the feature, and standard wallet transactions
The feature is off by default, so most node operators are not impacted. But those who turned it on did so precisely because they wanted stronger privacy — making this bug particularly consequential for its target audience.
What to Do Right Now
Until version 31.1 ships, the Bitcoin Core team recommends three mitigations:
- Disable -privatebroadcast — the simplest fix, though it removes the privacy feature entirely
- Force all traffic through Tor — route your node's entire outbound traffic through Tor at the OS level, not just the broadcast feature
- Disable v2 transport — set -v2transport=0 to prevent the fallback that triggers the leak
Option 2 is the most robust if you want to maintain privacy while waiting for the patch.
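To check whether a node's configuration matches the affected case, and whether the v2-transport mitigation is in place, here is an added POSIX shell check (written for this article, not Bitcoin Core's own tooling). It assumes a plain key=value bitcoin.conf with no [network] sections and that v2transport defaults to on; it cannot see OS-level Tor routing, so option 2 must be verified separately.

```shell
#!/bin/sh
# Assumed bitcoin.conf semantics: one "key=value" per line, "#" comments,
# booleans written as 1/0, last occurrence wins. Command-line flags such as
# a bare "-privatebroadcast" passed to bitcoind are not covered.

# conf_get FILE KEY DEFAULT -> prints the last value set for KEY, or DEFAULT
conf_get() {
  val=$(grep -E "^[[:space:]]*$2[[:space:]]*=" "$1" | tail -n 1 \
        | cut -d= -f2- | tr -d '[:space:]')
  if [ -n "$val" ]; then printf '%s\n' "$val"; else printf '%s\n' "$3"; fi
}

# assess_conf FILE VERSION -> prints one of:
#   NOT_AFFECTED  feature off, or the node is not on 31.0
#   MITIGATED     feature on and v2transport=0, so no v1 fallback can occur
#   AFFECTED      feature on, 31.0, v2 fallback still possible (IP can leak)
# VERSION is the running version, e.g. from "bitcoind --version" or the
# "subversion" field of "bitcoin-cli getnetworkinfo" (/Satoshi:31.0.0/).
assess_conf() {
  pb=$(conf_get "$1" privatebroadcast 0)
  v2=$(conf_get "$1" v2transport 1)   # assumed default: v2 transport on
  case "$2" in
    31.0|31.0.*) on_31_0=1 ;;
    *) on_31_0=0 ;;
  esac
  if [ "$on_31_0" != 1 ] || [ "$pb" != 1 ]; then
    echo NOT_AFFECTED
  elif [ "$v2" = 0 ]; then
    echo MITIGATED
  else
    echo AFFECTED
  fi
}

# Constructed sample config (not from any real node) for demonstration.
demo="${TMPDIR:-/tmp}/pb_demo_$$.conf"
printf '%s\n' '# constructed example' 'privatebroadcast=1' 'onlynet=onion' > "$demo"
printf 'constructed config on 31.0: %s\n' "$(assess_conf "$demo" 31.0)"  # AFFECTED
rm -f "$demo"
```

Run it against your real file with `assess_conf ~/.bitcoin/bitcoin.conf "$(bitcoind --version | head -n 1 | tr -dc '0-9.')"` after sourcing the script; a result of AFFECTED means one of the three mitigations above still needs to be applied.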
The Bigger Picture
This is the second Bitcoin Core vulnerability disclosure in recent months, following CVE-2024-52911 in May, which left 43% of nodes exposed. The pattern underscores two things: Bitcoin Core's responsible disclosure process is working, and running a node carries ongoing maintenance obligations.
The Bitcoin network's security depends on a decentralized fleet of full nodes. When those nodes run outdated or misconfigured software, the network's privacy guarantees weaken — even if the protocol itself remains sound.
Bitcoin Gate Take
This bug is a reminder that running a Bitcoin node isn't set-and-forget. Privacy features are only as strong as their implementation, and even well-intentioned code can have subtle fallback failures. If you run a node, subscribe to Bitcoin Core's security advisories and update promptly. The fix in 31.1 will close this gap, but the discipline of staying current is what actually protects you.